Financial Services Cybersecurity Weekly Briefing 8-25-2017

Backdoor Found in Enterprise Software Used by Banks, Tech, and Energy Companies

Attackers waited for companies to download and install versions of the trojanized apps. Once they infected a victim, the attackers used the backdoored software to upload files on infected computers, store data in a virtual filesystem (VFS), and run apps and create processes to execute malicious code. The backdoor trojan communicated with the attackers’ command and control servers via DNS requests. It was this sudden surge in suspicious DNS requests that drew the attention of Kaspersky researchers and led to the backdoor’s discovery.

Protecting Financial Data in Cyberspace: Precedent for Further Progress on Cyber Norms?

In terms of norm identification, few issues have proven more problematic than cyber operations targeting data, whether in peace or war. Of particular note are those involving financial data, in large part because of the interdependency of the global financial system. Responding to this situation, the Carnegie Endowment for International Peace has urged States to pledge to refrain from conducting cyber operations that “undermine the integrity of data and algorithms of financial institutions in peacetime and wartime,” as well as the availability of critical financial systems, such as clearing houses.

It’s no wonder then that government agencies across the world are now seeking to use blockchain technology to gain an advantage in the field. The Pentagon, for example, wants to apply blockchain tech to protect the military from hacking, counterintelligence attempts, and other types of cyber-attacks. Since the blockchain is incorruptible and cannot be tampered with, it can be used in a number of sensitive situations such as when sending messages to military personnel or recording transactions in an unmodifiable way.

The Cybersecurity Risks to Financial Services That are Making the Biggest Impact in 2017

Cybersecurity products and platforms can do a great job for you—when your organisation has the expertise and number of people needed to implement and use them correctly, for example, to configure and tune the products and interpret the large volumes of data being produced. The problem for most firms involved in financial services and capital markets is that they just don’t have the number of people or the skills and experience required to use their tools well. […] Some cybersecurity product firms have added consulting arms in recent years, but it is unlikely (read: impossible) that this can be enough to fill the current gap, let alone what is coming.

Ukraine’s central bank has warned state-owned and private banks across the country that a new malware campaign targeting financial services firms across the country may be a prelude to another assault of Not-Petya proportions. “The nature of this malicious code, its mass distribution, and the fact that at the time of its distribution it was not detected by any anti-virus software, suggest that this attack is preparation for a mass cyberattack on the corporate networks of Ukrainian businesses,” the central bank warned financial institutions earlier this month, in a letter seen by Reuters.

The FTC does not have rulemaking authority, but it can enforce prohibitions on false and deceptive conduct or failure to meet the reasonable expectations of customers, including on data security. Just last week, it settled with app-based car-hailing service Uber over allegations of deceptive data security claims, a development that FTC chair Maureen Ohlhausen said demonstrated the agency’s ongoing commitment to privacy and security. […] The FTC has been doing data-security work for years, but for 2017, our enforcement program is going to be looking at sensitive data first and foremost, including companies that are dealing with information about children, financial and health information, Social Security numbers and geolocation.

On August 20th, Enigma, a decentralized marketplace and cryptocurrency investment platform, was hacked by an unknown hacker. As a result, $500,000 in Ethereum was stolen. The hack attack occurred when the company was gearing up for a crypto token sale. The attack was quite sophisticated since the hacker took over Enigma’s website, admin passwords, email newsletter and Slack account. The hacker then managed to develop and upload a fake pre-sale page linked with a phony ETH address and tricked users into sending money.

